Privacy policy

QWeb takes your privacy seriously. We're not just saying that for GDPR, we actually mean it. We're a small company run by real people who want our own privacy to be respected by other companies, so we're very much on your side here.

We don't have a million different privacy policies for different services, just this one. It covers using our website and it's also linked to from some of our other services and included in our project proposals.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 2018 (the Act) we are the data controller. Our nominated representative for the purpose of the Act is Ric Grant.

Information we may collect from you

We may collect and process the following data about you:

  • Information that you provide through any website that links to this policy. This includes information provided at the time of registering to use the website, filling in a contact form, filling in a discussion form, subscribing to a service such as a mailing list, or placing an order for a service or product.
  • Information that you provide when contacting us via email, telephone, post, or any other means.
  • Information that you provide to us face to face, for example in a meeting or teleconference you might provide us with name and contact information or information regarding a particular project.

Information that we store

  • Your name and contact information and/or the name of your business and its contact information may be stored within our project management software (WorkflowMax) and/or our accounting software (Xero).
  • Information relating to any of your projects that we're involved in, including any login credentials that we need to keep on record to fulfil our services to you, may be stored within our project management software.
  • Any information that you provide via email may be kept for a period of up to 3 years.

Information about your computer

When you use our website, email us, or use our email hosting services, your IP address, operating system name and version, and web browser name and version may be stored for a short period of time in various server logs. These logs persist for a period of about one week and are referred to when investigating security or technical issues.

Cookies and sessions

When using our website, we may create a browser cookie, or initiate a 'session' between your computer and our server to distinguish you from other users of our website. If we create a cookie, we might store information in this cookie such as your website username. If we initiate a session, such information is stored for a short time on our servers under a unique identifier and this identifier is stored in a 'session cookie' by your browser. Sessions are expired after a period of about 20 minutes from your last activity on the website, at which point any data stored is erased. Cookies and sessions help us to provide you with a good experience when you browse our website and also allow us to improve our site.

Our websites use Google Analytics to record and report on analytical information, such as the number of visits we receive during a particular time period or the ratio of desktop and mobile visits. Google Analytics creates some, or all, of the following cookies to store and collect aggregate information and transmits this aggregate information to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google.

  • _ga used to distinguish users.
  • _gid used to distinguish users.
  • _gat used to throttle request rate.
  • _ga_* used to persist session state.
  • AMP_TOKEN contains a token that can be used to retrieve a client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a client ID from AMP Client ID service.

You may refuse the use of cookies by selecting the appropriate settings within your web browser settings, however, please note that doing so may disrupt some functionality of our website.

You may opt out of Google Analytics by installing the Google Analytics opt-out browser extension but please be aware that doing so reduces the accuracy of our website analytics and might make it more difficult for us to provide a useful service. For example if we determine that a feature of our website is rarely used we might replace that feature without knowing that a number of visitors actually do appreciate that feature but have opted out of analytical tracking.

Advertising services

Some of our products, for example games and mobile apps, might include third party advertisements. We only use advertising services that separate generic and personalised adverts, and, by default, we set such services to provide generic adverts that don't require the placement of tracking cookies. Under some circumstances, we'll include a clearly labeled opt-in mechanism to switch to displaying personalised adverts, which may create and read tracking cookies to identify you from other users and to calculate which adverts you're likely to be more interested in, usually from your browsing behaviour.

Where and how we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

We follow strict security procedures regarding how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it.

All of the websites or web based services that we built after May 25th 2018 use obfuscation techniques when storing all personally identifiable information, and where feasible, potentially sensitive information such as discussion messages. Passwords are stored as salted, one-way encryption hashes. Websites that we built before May 25th 2018 will be or have been, where possible, re-engineered to use obfuscation techniques when storing personally identifiable information previously stored in plain text.

We take security extremely seriously but as no system is 100% secure, we can’t completely guarantee the protection of your personal information, any more than any other organisation can. We can’t accept any liability for the loss, theft, or misuse of the personal information which you've provided if there is a security breach.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

How we use your personal information

We use information held about you in the following ways:

  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service.

Disclosure of your information

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we or our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Services provided by other parties

Our site may, from time to time, contain links to the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

Your rights

You have the right to access information held about you and to request removal of such information. Please contact us if you'd like your information to be removed from our systems and we'll do everything we can to fulfil such request within a reasonable time period. Please be aware that under some circumstances we may not be able to immediately fulfil your request, for example if you're awaiting an order from us and we need to retain your information while processing your order.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.